I recently took a look at OPNsense and saw that they block bogons. I’m aware that Team Cymru maintains a list of bogons so that people can block them. Feeding them into iptables takes a while (tried it) and I believe iptables will slow down network traffic if one does so. That’s a job for ipset.
Building a hidden / transparent bridge in Linux
Now that I am playing around with Open vSwitch, I wanted to create a hidden bridge in front of my virtual systems, which is a VM itself. All traffic should basically pass through that virtual system.
Open vSwitch with KVM/libvirt in Debian Stretch
Just switched from a plain Linux bridge to Open vSwitch.
IPsec between strongSwan and my Android phone (IKEv2 EAP-TLS)
So here we go again: another article about IPsec using strongSwan.
Chemnitzer Linux Tage 2018
Mail/DNS: Sender Policy Framework
With this technique, a list of the hosts or IPs permitted to send mail is stored in DNS for the respective domain. If an e-mail arrives from a system that is not on this list, the e-mail can, depending on the policy, be blocked, filtered more strictly, or accepted. This check uses both the address from MAIL FROM and the address from HELO.
DNS Infrastructure: Bogons
In my previous post I showed that I used a bogons list to filter out bad hosts from my DNS infrastructure. Here’s a script to fetch it:
DNS Infrastructure: #2 Hidden Master
A hidden primary master is a nameserver which is not publicly advertised. It does not answer queries; its only purpose is to act as the source for authoritative data. The easiest way to achieve this is to treat the publicly advertised nameservers as slaves:
DNS Infrastructure: #1 Overview
Here’s an overview of the setup I’ve built.
Leftover
I’ve been working self-employed since 2003 doing web development, web hosting and system administration. At the end of 2014 I started my life as an employee, and in November last year I decided to quit being self-employed. In this category I am publishing documentation and howtos which I wrote for myself.